Bit9 hacked, customers targeted with malware

Bit9, a company that provides security solutions to customers, said it was hacked and a number of its customers were targeted with malware. It admitted that it could have avoided the hack if it had implemented its own software properly on its network.

Bit9 is a "white listing" service provider with customers that range from government agencies to financial firms. White listing protects systems from attack by allowing only software from trusted vendors to run.

The hackers breached a system that Bit9 uses to digitally sign its software so that its customers know it's safe to run on their systems. They then signed malware using Bit9's digital signature and pushed it out to several of its customers.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," Chief Executive Patrick Morley wrote.

"As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

In 2011, a similar attack was made against RSA Security, when hackers stole information about its SecurID system. Two months after the breach, the hackers used the information to launch attacks against Lockheed Martin.

1 user comment

Why don't most of these so-called security firms that store your data tell you "hi, we're running Windows Server 2003" or "hi, we're running the latest Windows Server version", which has been hacked, bent over a table, patched and taken for a ride?

Even as a beta tester I had to test the 30-day trial for Windows Server 2003. Within 5 minutes I had it activated, the timebomb removed, replaced the driver cab from a legit version of Windows XP Pro and installed a service pack. Done.